public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

feature: switch Azure AD graph API to Microsoft Graph API (#440) 

* feature: switch Azure AD graph API to Microsoft Graph API

* Update CHANGELOG

* Expand Breaking Changes notice

* Update CHANGELOG.md

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* fix: use constant http method

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
This commit is contained in:
Mitsuo Heijo 2020-04-12 19:53:30 +09:00 committed by GitHub
parent b0b87563dc
commit 7f72a22227
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGELOG.md
View File

@ -12,8 +12,14 @@
- See the changes listed below for PR [#464](https://github.com/oauth2-proxy/oauth2-proxy/pull/464) for full details
- Binaries renamed from `oauth2_proxy` to `oauth2-proxy`
- [#440](https://github.com/oauth2-proxy/oauth2-proxy/pull/440) Switch Azure AD Graph API to Microsoft Graph API (@johejo)
- The Azure AD Graph API has been [deprecated](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api) and is being replaced by the Microsoft Graph API.
If your application relies on the access token being passed to it to access the Azure AD Graph API, you should migrate your application to use the Microsoft Graph API.
Existing behaviour can be retained by setting `-resource=https://graph.windows.net`.
## Changes since v5.1.0
- [#440](https://github.com/oauth2-proxy/oauth2-proxy/pull/440) Switch Azure AD Graph API to Microsoft Graph API (@johejo)
- [#453](https://github.com/oauth2-proxy/oauth2-proxy/pull/453) Prevent browser caching during auth flow (@johejo)
- [#481](https://github.com/oauth2-proxy/oauth2-proxy/pull/481) Update Okta docs (@trevorbox)
- [#474](https://github.com/oauth2-proxy/oauth2-proxy/pull/474) Always log hasMember request error object (@jbielick)
@ -61,7 +67,6 @@ N/A
- [#405](https://github.com/oauth2-proxy/oauth2-proxy/pull/405) The `/sign_in` page now honors the `rd` query parameter, fixing the redirect after a successful authentication (@ti-mo)
- [#434](https://github.com/oauth2-proxy/oauth2-proxy/pull/434) Give the option to prefer email address in the username header when using the -pass-user-headers option (@jordancrawfordnz)
# v5.0.0
## Release Hightlights

9
providers/azure.go
View File

@ -28,16 +28,15 @@ func NewAzureProvider(p *ProviderData) *AzureProvider {
if p.ProfileURL == nil || p.ProfileURL.String() == "" {
p.ProfileURL = &url.URL{
Scheme: "https",
Host: "graph.windows.net",
Path: "/me",
RawQuery: "api-version=1.6",
Scheme: "https",
Host: "graph.microsoft.com",
Path: "/v1.0/me",
}
}
if p.ProtectedResource == nil || p.ProtectedResource.String() == "" {
p.ProtectedResource = &url.URL{
Scheme: "https",
Host: "graph.windows.net",
Host: "graph.microsoft.com",
}
}
if p.Scope == "" {

13
providers/azure_test.go
View File

@ -41,9 +41,9 @@ func TestAzureProviderDefaults(t *testing.T) {
p.Data().LoginURL.String())
assert.Equal(t, "https://login.microsoftonline.com/common/oauth2/token",
p.Data().RedeemURL.String())
assert.Equal(t, "https://graph.windows.net/me?api-version=1.6",
assert.Equal(t, "https://graph.microsoft.com/v1.0/me",
p.Data().ProfileURL.String())
assert.Equal(t, "https://graph.windows.net",
assert.Equal(t, "https://graph.microsoft.com",
p.Data().ProtectedResource.String())
assert.Equal(t, "",
p.Data().ValidateURL.String())
@ -97,9 +97,9 @@ func TestAzureSetTenant(t *testing.T) {
p.Data().LoginURL.String())
assert.Equal(t, "https://login.microsoftonline.com/example/oauth2/token",
p.Data().RedeemURL.String())
assert.Equal(t, "https://graph.windows.net/me?api-version=1.6",
assert.Equal(t, "https://graph.microsoft.com/v1.0/me",
p.Data().ProfileURL.String())
assert.Equal(t, "https://graph.windows.net",
assert.Equal(t, "https://graph.microsoft.com",
p.Data().ProtectedResource.String())
assert.Equal(t, "",
p.Data().ValidateURL.String())
@ -107,12 +107,11 @@ func TestAzureSetTenant(t *testing.T) {
}
func testAzureBackend(payload string) *httptest.Server {
path := "/me"
query := "api-version=1.6"
path := "/v1.0/me"
return httptest.NewServer(http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
if (r.URL.Path != path || r.URL.RawQuery != query) && r.Method != http.MethodPost {
if (r.URL.Path != path) && r.Method != http.MethodPost {
w.WriteHeader(404)
} else if r.Method == http.MethodPost && r.Body != nil {
w.WriteHeader(200)